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Chapter  1 


INTRODUCTION 


The  concept  of  “Need  to  share”  has  particularly  gained  popularity  in  the  aftermath  of 
9/1 1  attack  in  comparison  to  the  traditional  Need  to  Know  model. 

Taking  an  example  of  the  US  Federal  Systems,  Each  intelligence  agency  has  its  own 
networks  and  data  store  that  make  it  difficult  to  aggregate  together  the  facts  and  warn 
of  adversaries  ahead  of  time  [10].  The  inability  or  unwillingness  to  share  information 
was  recognized  as  an  Intelligence  Community  weakness  by  both  the  9/11 
Commission  and  the  Weapons  of  Mass  Destruction  (WMD)  Commission  [10].  The 
Need  to  Share  environment  is  necessary  to  uncover,  respond,  and  protect  against 
threats. 

Secure  Information  Sharing  (SIS)  is  of  prime  importance  in  today’s  electronic  world. 
It  application  ranges  from  highly  confidential  federal  systems  to  social  media 
application  handling  user  data. 

Collaborative  system  are  not  only  restricted  to  federal  systems,  we  can  find  such 
systems  in  day  to  day  life  as  well.  An  example  for  such  a  collaborative  system  can  be 
picturized  in  a  university  environment,  which  has  a  set  of  system  like  Admissions, 
Library,  University  Health  Service  (UHS)  sharing  data  for  various  purposes  like  the 
Admissions  department  querying  the  UHS  for  immunization  records  prior  to  student 
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course  registration,  this  will  help  the  university  enforce  the  policy  of  student 
immunization  during  the  start  of  the  semester. 

Social  Network  like  Facebook  [21]  is  growing  rapidly  with  currently  having  more 
than  500  million  registered  users.  It  is  a  place  for  Information  Sharing  wherein  people 
communicate  sharing  data  with  others  as  well  as  with  various  third  party  applications 
which  pull  our  personal  data  to  provide  services  on  the  Facebook  platform. 

From  all  the  above  examples,  we  understand  that  data  sharing  is  important;  however 
at  the  same  time  protecting  the  information  from  unauthorized  usage  is  equally 
significant. 

Traditional  access  control  models  do  support  important  SIS  aspect  though  it  has  not 
been  satisfying  for  varied  domains  and  requirements  of  the  modern  information 
sharing  era.  For  example  Discretionary  Access  Control  (DAC)  works  on  the  concept 
of  owner  control.  Owner  has  the  right  to  make  decision  about  who  can  access  a 
particular  object.  While  this  is  an  important  SIS  aspect,  DAC  is  fundamentally  limited 
in  that  it  controls  access  only  to  the  original  object  but  not  to  copies.  The  lack  of 
constraints  on  copying  information  from  one  file  to  another  makes  it  difficult  to 
maintain  safety  policies  and  verify  that  safety  policies.  If  objects  could  be  read,  one 
can  read  and  create  a  copy  of  this  object  [7]. 

Further,  DAC  is  also  too  fine-grained  in  practice  since  the  secure  information  sharing 
responsibility  falls  on  the  owner  of  the  information.  The  system  provides  no  guidance 
as  to  how  information  can  be  effectively  shared. 
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Mandatory  Access  Control  or  MAC  and  models  such  as  that  of  Bell-LaPadula 
(BLP)  assigns  security  labels  to  subjects  and  objects  and  is  based  on  restricting 
information  flow  from  more  secure  classification  levels  to  less  secure  levels.  In  BLP, 
information  can  only  flow  from  a  subject  of  lower  clearance  to  that  of  higher 
clearance  and  not  vice-versa.  The  intended  objective  is  that  of  confidentiality  of 
objects  at  higher  security  clearance  from  that  of  subjects  executing  at  lower  clearance 
which  is  common  in  military  to  allow  Generals  to  see  certain  information  and  not 
Soldiers  [11]. 

The  modern  concept  of  Role-Based  Access  Control  (RBAC)  [7]  is  a  more  generalized 
model  and  can  be  viewed  as  an  evolution  of  access  control  to  simplify  administration 
in  organizations  bringing  in  additional  concepts  such  as  hierarchies  and  constraints.  It 
has  also  been  shown  that  RBAC  is  policy  neutral  in  the  sense  that  it  can  be  configured 
to  enforce  both  DAC  and  MAC  policies  [8]. 

However,  As  RBAC  is  too  general  it  does  not  directly  address  information  sharing 
does  not  provide  a  framework  for  secure  sharing. 

Group-Centric  sharing  differs  from  other  models  as  it  advocates  bringing  the  users 
and  objects  together  to  facilitate  sharing  by  focusing  on  semantics  of  group 
operations. 

Our  focus  in  this  thesis  is  to  use  the  concepts  of  Group  Centric  Information  Sharing 
[1]  and  develop  ontology’s  in  Web  Ontology  Language  (OWL)  [22]  and  further  use 
these  ontology’s  to  build  a  framework  to  demonstrate  the  usefulness  of  such  a  system. 
In  this  model  users  and  Information  (resources/objects)  come  together  in  a  group  to 
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facilitate  sharing.  We  further  extend  this  model  to  support  hierarchical  group.  Finally 
we  support  our  work  through  a  working  prototype. 
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Chapter  2 


Background  and  Related  Work 


2.1  Semantic  Web 

The  Semantic  Web  refers  to  the  W3C’s  vision  of  the  web  of  linked  data.  It 
extends  the  World  Wide  Web  that  enables  people  to  share  content  beyond  the 
boundaries  of  applications  and  websites.  Semantic  Web  technologies  enable  people  to 
create  data  using  RDF,  build  vocabularies  using  web  ontology  language  (OWL), 
write  rules  and  query  data  stores  using  SPARQL  [8]. 

The  vision  of  Semantic  Web  was  first  articulated  by  Tim  Berners  Lee  to  extend  the 
existing  web  in  which  knowledge  and  data  could  be  published  in  a  form  that  is  easy 
for  computers  to  understand  and  reason.  This  would  support  more  sophisticated 
software  systems  that  share  knowledge,  information  and  data  on  the  Web  just  as 
people  do  by  publishing  text  and  multimedia  [13]. 

Linder  the  stewardship  of  the  W3C,  a  set  of  languages,  protocols  and  technologies 
have  been  developed  to  partially  realize  this  vision,  to  enable  exploration  and 
experimentation  and  to  support  the  evolution  of  those  concepts  and  the  technology. 
The  current  set  of  W3C  standards  are  based  on  RDF  (Lassila  et  al.  1998),  a  language 
that  provides  a  basic  capability  of  specifying  graphs  with  a  simple  interpretation  as 
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a  “semantic  network”  and  serializing  them  in  XML  and  several  other  popular  Web 
systems  (e.g.,  JSON).  Since  it  is  a  graph  based  representation,  RDF  data  are  often 
reduced  to  a  set  of  ’triples’  where  each  one  represents  an  edge  in  the  graph. 

The  Web  Ontology  Language  (OWL)  (Bechhofer  et  al.  2004)  is  a  family  of 
knowledge  representation  languages  based  on  Description  Logic  (DL)  (Baader  2003) 
with  a  representation  in  RDF.  OWL  supports  the  specification  and  use  of  the 
ontologies  that  consist  of  the  terms  representing  individuals,  classes  of  individuals, 
properties,  and  axioms  that  assert  constraints  over  them.  The  axioms  can  be  realized 
as  simple  assertions  (e.g.,  ’Woman  is  a  subclass  of  Person’,  ’hasMother  is  a  property 
from  Person  toWoman’,  ’Woman  and  Man  are  disjoint’)  and  also  as  simple  rules.  The 
use  of  OWL  to  define  policies  has  several  very  important  advantages  that  become 
critical  in  distributed  environments  involving  coordination  across  multiple 
organizations.  First,  most  policy  languages  define  constraints  over  classes  of  targets, 
objects,  actions  and  other  constraints  (For  example,  time  or  location).  A  substantial 
part  of  the  development  of  a  policy  is  often  devoted  to  the  precise  specification  of 
these  classes,  e.g.,  the  definition  of  what  counts  as  a  ’student’  or  an  ’entertainment 
activity’.  This  is  especially  important  if  the  policy  is  shared  between  multiple 
organizations  that  must  adhere  to  or  enforce  the  policy  even  though  they  have  their 
own  native  schemas  or  data  models  for  the  domain  in  question.  Second,  OWL  is 
based  on  description  logic,  a  well  understood  subset  of  logic  for  which  powerful  and 
efficient  reasoning  systems  are  available.  By  constraining  our  use  of  OWL  to  the  right 
subset,  we  can  exploit  existing  OWL  reasoners.  A  third  advantage  is  that  OWL’s 
grounding  in  logic  facilitates  the  translation  of  policies  expressed  in  OWL  to  other 


6 


formalisms,  either  for  analysis  or  for  execution.  Finally,  OWL  is  designed  of  and  for 
the  Web,  making  sharing  policies  and  the  ontologies  they  use  both  natural  and  easy 
[4]. 

2.2  Group  Centric  Information  Sharing 

Group  centric  Information  sharing  [1,2,3]  is  a  novel  concept  developed  by  Ravi 
Sandhu  et  al,  It  envisions  bringing  the  users  and  objects  together  in  a  group  to 
facilitate  sharing  for  a  common  purpose. 

The  model  focuses  on  semantics  of  group  operations:  Join  and  Leave  for  users  and 
Add  and  Remove  for  objects,  each  of  which  can  have  two  variations  namely  strict  and 
Liberal.  The  authors  use  Linear  Temporal  Logic  (LTL)  to  characterize  the  core 
properties  of  a  group  in  terms  of  these  operations  [1]. 

We  will  not  dwell  into  the  LTL  details  and  will  concentrate  on  the  core  gSIS 
properties  followed  by  the  group  operation  semantics. 

2.2.1  Core  gSIS  Properties 

The  core  properties  [1]  must  be  satisfied  by  any  g-SIS  specification.  The  core 
properties  are  stated  with  the  assumption  that  Join,  Leave,  Add  and  Remove  are  the 
only  events  that  influence  authorization  in  g-SIS.  In  the  future,  these  properties  can  be 
extended  to  models  involving  additional  aspects  (e.g.  attributes  of  users  and  objects). 
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1.  Persistence  Properties:  These  properties  consider  the  conditions  under  which 
authorization  may  not  change. 

a.  Authorization  Persistence:  When  a  user  u  is  authorized  to  access  an 
object  o ,  it  remains  so  at  least  until  a  group  event  involving  u  or  o  occurs. 

b.  Revocation  Persistence:  When  a  user  u  is  not  authorized  to  access  an 
object  o,  it  remains  so  at  least  until  a  group  event  involving  u  or  o  occurs. 

A  generalized  statement  of  these  properties  may  be  \Authorization  does  not  change 
unless  an  authorization  changing  event  occurs."  With  this  generalization,  we  believe 
persistence  property  is  required  of  all  access  control  systems. 

The  following  properties  are  more  specifically  targeted  at  g-SIS.  They  seek  to 
recognize  the  additional  authorizations  enabled  and  disabled  by  group  membership 
and  non-membership  respectively. 

2.  Authorization  Provenance:  Intuitively,  a  user  will  not  be  authorized  to  read  an 
object  until  a  point  at  which  both  the  user  and  object  are  simultaneously  group 
members. 

Two  things  can  be  inferred  from  the  statement,  if  Authentication  holds  in  a  given 
state  then  there  was  an  overlapping  period  of  membership  between  the  user  and 
object  at  least  once  in  the  past.  Next,  authorization  to  read  an  object  cannot  begin  for 
the  first  time  during  a  user's  non-membership  period  (that  is,  only  joining  a  group 
can  enable  authorization). 
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3.  Bounded  Authorization:  These  properties  require  that  authorizations  not  Increase 
during  non-membership  periods  of  users  and  objects  (note  that  authorizations  may 
decrease).  Authorizations  that  hold  during  the  non-membership  period  of  users  and 
object  should  have  held  at  the  time  of  Leave  and  Remove  respectively. 

a.  Bounded  User  Authorization:  The  set  of  all  objects  that  a  user  can  access 
during  non-membership  period  is  bounded  at  Leave  time.  This  set  cannot 
grow  until  the  user  re-joins. 

The  above  property  states  that  additional  authorizations  cannot  be  granted  to  a 
user  during  non-membership  period.  Any  object  that  is  accessible  after  Leave 
should  have  been  authorized  at  the  time  of  Leave. 

b.  Bounded  Object  Authorization:  The  set  of  all  users  who  can  access  a  removed 
object  is  bounded  at  Remove  time,  which  cannot  grow  until  re-Add. 

4.  Availability:  Availability  specifies  the  conditions  under  which  authorization  must 
succeed.  This  property  states  that  after  a  user  joins  a  group,  any  object  that  is  added 
subsequently  should  be  authorized.  Obviously,  the  user  should  be  a  current  member 
when  the  object  in  question  is  added. 

2.2.2  Group  Operation  Semantics 

The  Group  operation  semantics  are  the  additional  properties  that  are  based  on  specific 
variations  of  group  operations,  these  properties  define  certain  group  operation 
semantics  that  are  useful  for  a  variety  of  applications.  All  these  properties  are  not 
required  in  the  development  of  the  system,  in  any  system  only  a  subset  of  these 
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properties  will  be  used  in  accordance  to  the  requirement  and  semantics  of  the  system, 
the  designer  plays  a  key  role  in  deciding  the  properties  to  be  used  for  the  system. 


Membership  Properties  characterize  the  semantics  of  authorizations  enabled  when  a 
user  joins  or  an  object  is  added  and  those  which  are  disabled  when  a  user  leaves  or  an 
object  is  removed  from  the  group. 


Strict  Join  (SJ)  Vs  Liberal  Join  (LJ):  In  SJ,  the  joining  user  may  only  access  some  or 
all  of  the  objects  added  after  Join  time.  LJ  additionally  allows  the  user  to  access  some 
or  all  of  the  objects  that  were  added  prior  to  join  time.  Suppose  that  in  figure  2.3.1  the 
second  Join  (m  1;  g )  is  an  SJ.  Then  ul  can  access  o 4  and  o5  but  cannot  access  o 2  and 
o 3.  If  the  Join  was  an  LJ  instead  of  SJ,  ul  can  also  access  ol  and  o3 


Most  recent  Non-membership  Current  membership 
membership  period  period  period 


Add  (o1,g)  Add  (o2,g)  Add  (o3,g)  Add  (o4,g)  Add  (o5,g) 


Join  (u1,g) 


Remove  Leave  (u1,g) 

(°1,g) 


Join  (ul.g)  Remove 

(°5,g) 

At  join  time, 

Existing  Objects:  o2,  o3 
New  Objects:  o4,  o5 


Figure  2.1:  User  Operations  (figure  courtesy:  Ram  Krishnan  et  al  [1]) 
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Add  (ol.g) 


Add  (o3,g) 


Join(ul.g)  Remove  (ol.g) 


Add  (o2,g)  Join  (u2,g)  Join  (u3.g) 


V 


At  Add  time, 
Existing  Users:  ul 
New  Users:  u2,  u3 


► 


Figure  2.2:  Object  Operations  (figure  courtesy:  Ram  Krishnan  et  al  [1]) 


Strict  Leave  (SL)  Vs  Liberal  Leave  (LL):  In  SL,  the  leaving  user  loses  access  to  all 
objects.  In  LL,  the  leaving  user  may  retain  access  to  some  or  all  of  the  objects 
authorized  prior  to  Leave  time.  In  figure  2.2.1,  on  SL,  u  1  loses  access  to  all  group 
objects  (ol  and  o2)  authorized  during  the  membership  period.  An  LL  will  allow  u\  to 
retain  access  to  o2  (and  possibly  ol,  depending  on  the  type  of  Remove  of  ol). 


1  Operation 

Explaination  j 

Strict  Join(SJ) 

Only  objects  added  after  join  time  can 
be  accessed 

Liberal  Join(LJ) 

Can  access  objects  added 
before  and  after  join  time 

Strict  Leave(SL) 

Lose  access  to  all  objects  on  leave 

Liberal  Leave(LL) 

Retain  access  to  objects  authorized 
before  leave  tune 

Strict  Add(SA) 

Only  users  who  joined  prior  to  add  time 
can  access 

Liberal  Add(LA) 

Users  who  joined  before  or  after  add 
time  may  access 

Strict  Remove  (SR) 

All  users  lose  access  on  remove 

Liberal  Remove(LR) 

LTsers  who  had  access  at  remove  time 
retain  access 

Table  2.1:  Group  Operation  semantics  (Table  courtesy:  Ram  Krishnan  et  al  [1]) 
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Strict  Add  (SA)  Vs  Liberal  Add  (LA):  In  SA,  the  added  object  may  only  be  accessed 
by  only  some  or  all  of  the  users  who  joined  before  Add  time.  In  LA,  the  added  object 
may  also  be  accessed  by  some  or  all  of  the  users  that  join  (e.g.,  LJ)  later.  If  Add  (o2; 
g )  in  figure  3.2  is  an  SA,  only  ul  can  access  the  object.  Users  u2  and  m3,  joining  later, 
cannot  access  this  object.  But  on  LA  current  user  u  1  and  future  users  m2  and  m3  may 
access  o2. 

Strict  Remove  (SR)  Vs  Liberal  Remove  (LR):  In  SR,  the  removed  object  cannot  be 
accessed  by  any  user.  In  LR,  some  or  all  of  the  users  who  had  access  at  Remove  time 
may  retain  access  (of  course,  users  joining  later  are  not  allowed  to  access  the  removed 
object  this  respects  the  Authorization  Provenance  core  property).  In  figure  2.3.2,  if 
Remove  (o  1;  g)  is  an  SR,  every  group  user  (including  m1)  loses  access  to  o  1.  If 
Remove  (o  1;  g)  is  an  LR,  ul  can  continue  to  access  o\.  However  m2  and  m3  will  not 
have  access  to  ol. 
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Chapter  3 

SYSTEM  USE  CASE 


Secure  Information  Sharing  (SIS)  or  sharing  information  while  protecting  is 
necessary.  Use  cases  for  SIS  vary  from  applications  like  secure  meeting  room  to 
collaboration  between  organizations  and  social  networking  application  handling  user 
interaction  with  an  expectation  of  security  and  privacy. 

3.1  Graduate  Student  Admissions:  Graduate  admissions  [17]  is  a  process  where  in 
the  graduate  applications  are  scrutinized  by  a  group  of  faculty  members  from  the 
department.  The  group  consists  of  a  mix  of  senior  professors,  Associate  professors 
and  senior  graduate  students  working  towards  the  completion  of  masters  and  PhD. 

Prospective  graduate  students  send  their  applications  to  the  department  for  evaluation 
and  the  committee  weighs  the  credibility  of  the  applicant  based  on  multiple  factors 
and  makes  a  decision  about  his  admission. 

The  gSIS  model  facilitates  and  promotes  the  process  of  information  sharing  among 
the  various  committee  members.  As  our  model  supports  hierarchical  groups  handling 
groups  of  Professors,  Associate  professors  and  grad  students  within  the  Graduate 
student  admissions  group  is  simplified. 

To  implement  this  model,  we  have  to  enforce  the  following  gSIS  operations 

■  Enforce  users  to  Join  the  group  though  ‘Liberal  Join’,  This  would  make  sure 
that  in  additional  to  the  applications  added  to  for  this  academic  year,  members 
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can  also  access  previous  applications  to  get  better  understanding  of 
university’s  selection  pattern. 

■  Add  the  application  documents  with  ‘Liberal  Add’  so  that  even  committee 
member  joining  the  committee  at  a  later  point  of  time  can  access  the 
applications. 

■  If  a  member  leaves  the  group,  then  use  ‘Strict  Leave’,  so  that  he/she  loses  all 
access  to  the  documents  of  the  Group. 

■  If  the  documents  are  to  be  removed  from  the  group  for  some  reason,  then  use 
the  ‘Liberal  Remove’,  this  will  ensure  that  the  members  present  during  the 
review  of  that  particular  application  have  access  to  the  removed  documents 
for  analysis  purpose. 

3.2  Promotion  and  Tenure  Committee  (P&T):  A  promotion  and  tenure  committee 
[16]  consists  of  a  group  of  full  professors  (tenured)  who  decide  on  the  fate  of  an 
Associate  professor  under  consideration  for  tenure. 

The  promotion  and  tenure  committee  resembles  the  group  centric  information  sharing 
as  the  group  shares  information  towards  a  single  goal,  the  goal  being  decision  over 
tenure,  Also  the  access  level  of  the  members  of  the  group  varies  from  individual  to 
another.  This  is  mainly  dependent  on  his  seniority  in  the  group  (Join  timestamp  of  the 
member). A  senior  member  of  the  group  can  check  the  tenure  documents  of  his  fellow 
junior  group  members  but  not  the  vice-versa.  This  serves  as  an  excellent  use  case  for 
our  model  of  group  centric  information  sharing. 
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To  implement  gSIS  for  this  use  case,  we  would  have  to  use  the  following  group 
operations, 

■  Enforce  users  to  Join  the  group  though  ‘Strict  Join’,  This  would  make  sure 
that  the  users  can  access  only  the  documents  added  after  their  join  time. 

■  Add  the  P&T  documents  with  ‘Strict  Add’  so  that  only  users  joining  prior  to 
Add  time  can  access  the  documents. 

■  If  a  tenured  professor  leaves  the  group,  then  use  ‘Strict  Leave’,  so  that  he/she 
loses  all  access  to  the  documents  of  the  Group. 

■  If  the  documents  are  to  be  removed  from  the  group  for  some  reason,  then  use 
the  ‘Strict  Remove’,  this  will  ensure  that  none  of  the  members  have  access  to 
the  removed  documents. 

3.3  Social  Media  Application:  Social  Media  platforms  like  Facebook  handle  user 
profile  information  ranging  from  basic  information  to  interests  and  social  network 
data.  Currently  when  Bob  becomes  a  friend  of  Alice  on  Facebook,  Bob  gets  access  to 
all  the  personal  information  as  well  as  the  content  (from  Facebook  Wall)  that  Alice 
had  shared  earlier  with  her  friends.  Thus  unintentionally  sharing  the  data  with  Bob 
that  she  has  never  intended  to  do  so,  this  can  cause  serious  privacy  infringement  [11, 
15]  to  Alice. 

This  issue  can  be  fixed  by  using  the  gSIS  operations  semantics  while  sharing 
information  and  adding  new  friends  to  our  existing  list  of  friends. 

Let  us  dwell  into  the  details  of  gSIS  operators  and  it’s  semantic  in  social  network 
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Strict  Join:  if  Alice  adds  a  new  friend  Bob  to  her  friend  list  through  Strict 


Join,  then  Bob  will  not  be  able  to  access  any  of  the  posts(In  this  scenario  posts 
and  documents  are  used  interchangeably)  shared  by  Alice  prior  to  his  Join 
time.  Thus  Bob  will  not  be  able  to  spy  about  Alice’s  online  behavior 

■  Liberal  Join:  In  addition  to  allowing  access  to  new  documents,  Liberal  Join 
would  allow  Bob  to  access  posts  that  Alice  shared  prior  to  his  join  time 
through  Liberal  Add. 

■  Strict  Add:  Alice  should  use  this  operation,  if  she  wants  to  share  the  post  with 
current  set  of  friends  and  protect  from  her  future  friends. 

■  Liberal  Add:  This  post  can  be  accessed  by  current  friends  as  well  as  new 
friends  who  join  at  a  later  point  of  time  through  Liberal  Add. 

If  we  carefully  give  a  thought  about  the  current  Facebook  model,  we  can 
understand  that  it  works  on  lines  of  Liberal  Join  for  adding  new  friends  to  our 
list  and  Liberal  Add  while  posting  documents. 

About  the  delete  and  Remove  options,  Facebook  currently  emulates  the  Strict 
Leave  and  Strict  Remove  semantics  of  gSIS. 

3.3.1  Incorporating  gSIS  into  Facebook 
>  Adding  a  Friend 


Amit  Eb 


Not 


Not  Now 


Amit  Eb 

Friend  request  accepted 
Suggest  friends  for  him 
^  Write  on  his  Wal 


Figure  2.1:  Adding  a  Friend 
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After  adding  a  friend  to  the  list,  The  user  preference  can  be  asked  as 
illustrated  above. 

Sharing  history  with  the  newly  added  friend  would  mean  liberally  adding 
the  friend  whereas  preferring  not  to  share  the  history  would  mean  strictly 
adding  the  friend. 

>  Adding  a  Post 


Post  to  Profle 


What's  on  your  mind? 


Status  Update 

By  UMBC  ebiquty  research  group 

DARPA  s  devebping  a  re*  arporent  :o  rack  "quet  subm-arnes" 
to  be  part  of  the  Navy’s  Ant  Sobmarre  Warfare  toc-Sot  and  &  usrg 
a  software  garre  to  coSect  effective  slrateges  tor  its  use. 

http:/A*t.ly/g5S9aL 


a 


Current 

Current  +  Future 


Everyone 

rnends  of  Friends  and  Networks 
Fnends  and  Networks 
Friends  of  Friends 

✓  Friends  Only 

Customize 


- ■ 

Share 

Cancel 

_ 1 

Figure  3.2:  Adding  a  Document 

While  adding  a  post,  the  user  can  have  a  option  ’  Share  this  post  with  my 
current  set  of  friends’  v/s  ‘Share  the  post  with  my  current  and  future  set  of 
friends’,  the  former  meaning  strictly  adding  the  post  to  the  profile  while 
the  later  liberally  adding  the  post. 
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>  Removing  a  Friend 


Remove  Amit  Eb  as  a  friend? 


Are  you  sure  you  want  to  remove  Amit  Eb  as  your  friend? 


Remove  from  Friends 


Cancel 


O  Remove  access  to  existing  posts 


O  Alio  /,  access  to  existing  posts.  Deny 
request  to  future  posts 


Figure  3.3:  Removing  a  Friend 


>  Removing  a  Post 


Amit  Mahale  via  TechCrunch 

Gmail  To  Roll  Out  Ads  That  Learn  From  Your  Inbox 

techcrunch.com 

Gmail  is  in  the  process  of  rolling  out  a  new  ad  system  that  co 
quite  powerful :  ads  that  learn  what  you're  interested  in  has* 
habits.  The  feature  first  showed  up  in  my  Gmail  account  earl|_ 


Remove  Post.., 


Mark  as  Spam 
Report  as  Abuse... 


(there's  a  prompt  informing  users  about  the  new  ads),  and  a  Google 
>3]  March  29  at  7:59pm  A  Like  Comment 1  Share 


o 


Amit  Mahale  via  TechCrunch 


a 


Gmail  To  Roll  Out  Ads  That  Learn  From  Your  Inbox 

techcrunch.com 

Gmail  ts  m  the  process  of  rolling  out  a  new  ad  system  that  co 
quite  powerful:  ads  that  learn  what  you're  interested  m  basi 
habits  -  The  feature  first  showed  Up  in  my  Gmail  account  earl 
(there's  a  prompt  informing  users  about  the  new  ads),  and  a 


Remove  Post 
o  Keep  it  accessible  for 
current  set  of  Friends 

P  Remove  the  post  for 
everyone 


March  29  at  7:59pm  A  Ufje  '  Comment  Share 


Figure  3.3:  Removing  a  document(Post) 
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Chapter  4 


SYSTEM  ARCHITECTURE 


The  high  level  system  design  (Fig  4.1)  demonstrates  the  Group  Centric  Information 
sharing  setup 


Figure  4.1  High  level  system  design 
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The  system  is  built  to  make  access  decisions  in  a  group  centric  information  sharing 
environment. 

Group-Centric  sharing  brings  in  the  users  and  objects  together  to  facilitate  sharing  by 
focusing  on  semantics  of  group  operations.  User’s  join  the  group  through  join 
operation  and  leave  the  group  through  leave  operation.  The  join  and  leave  operations 
further  have  strict  and  liberal  flavors  which  are  explained  in  the  background  section. 

Similarly,  the  documents  are  added  to  the  group  through  Add  operation  and  removed 
using  the  Remove  operation.  Even  Add/Remove  has  strict  and  liberal  variations 
analogous  to  the  Join/Remove. 

We  will  now  discuss  the  system  component  in  detail 

4.1  Group  Operation  data 

The  Group  operation  data  is  the  data  about  the  group  members  and  their  group 
operations.  Every  member  of  the  group  either  user  or  document  is  identified  by  a 
unique  id.  There  is  no  restriction  on  the  number  of  transactions  a  member  can  have 
with  the  group.  In  other  words  a  group  user  can  join  and  leave  the  group  multiple 
numbers  of  times  without  hurting  the  core  gSIS  properties. 

4.2  Hierarchy  Ontology 

The  hierarchy  ontology  is  responsible  for  inferring  the  groups  that  the  group 
member  belongs  to.  In  real  life  scenario,  groups  may  be  created  with  hierarchy  in 


20 


mind.  For  example  consider  a  hierarchy  of  Professor,  Asst  Professor  and  Lab 
Instructor. 

Thus  a  user  added  to  a  Professor  group  should  by  default  have  access  to  the 
documents  added  to  Asst  Professor  and  Lab  Instructor  group. 

Thus  the  use  of  hierarchy  ontology  along  with  a  reasoner  reduces  manual  work  and 
automates  the  task  of  inferring  groups  that  the  user  represents. 

Another  example  can  be  quoted  of  a  Disaster  management  group 


Figure  4.2  Hierarchy  of  Disaster  Management  Group 

From  the  figure,  we  understand  that  the  Disaster  Management  Group(DMG)  is  a  large 
group  comprising  of  the  fire  fighters,  Police  department  and  Ambulance  who  have 
access  to  a  particular  subset  of  documents  of  the  Disaster  management  group.  The 
DMG  as  a  whole  can  access  any  of  the  documents  of  Fire  fighters,  Police  Dept  and 
Ambulance  but  not  vice  versa. 

In  such  a  hierarchical  setup,  the  documents  added  to  Police  department  should  be 
accessible  to  the  DMG  as  it  is  a  super  groups;  this  fact  is  true  for  other  groups  as  well. 
Thus  the  use  of  hierarchy  ontology  helps  to  automate  the  task  of  inferring  additional 
groups  and  facilitating  information  sharing  for  hierarchical  groups. 
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The  hierarchical  groups  can  be  represented  in  OWL  using  the  property  :subclassOf 
<RoleName>  gSIS:subclassOf  <SuperRoleName>. 

E.g.:  PoliceDepartment  gSISrsubclassOf  :DMG 

4.3  Inferred  Data 

The  RDFS  reasoner  is  used  to  infer  additional  group  data  using  the  hierarchy 
ontology.  The  inferred  data  is  then  stored  in  a  data  store  along  with  the  group  data  and 
is  used  to  make  access  decisions  in  further  steps. 

4.4  gSIS  Ontology 

Our  work  is  based  on  the  theory  of  Group-Centric  Secure  Information  Sharing 
(g-SIS)  described  in  [1],  our  focus  is  on  creating  ontology  to  represent  the  concepts  in 
the  g-SIS  model  using  OWL. 

Our  gSIS  ontology  primarily  consists  of  four  classes:  Person,  Document,  Group  and 
Action. 

The  Action  class  is  further  divided  into  the  Join,  Leave,  Add,  and  Remove  each  of 
which  further  have  Strict  and  Liberal  variations.  The  Join  and  Leave  actions  are  used 
to  represent  the  fact  that  a  Person  can  join  or  leave  a  Group.  Similarly,  the  Add  and 
Remove  actions  represent  the  fact  that  a  Document  can  be  added  or  removed  from  a 
Group. 
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•  Libera  kloin 


Leave 


Libera  ILeave 


Person 


Libera  lAdd 


StrictLeave 


Figure  4.3:  gSIS  classes  from  top  level  to  bottom 


Actions  can  be  allowed  or  denied  depending  on  a  few  conditions  on  the  time  and  a 
combination  on  the  variations  (Strict  or  Liberal).  For  example,  a  Person  can  access  a 
Document  in  a  Group  if  the  person  joined  the  group  before  the  document  was  added 
and  the  person  joined  with  a  strict  joined  and  the  document  was  added  with  a  strict 
add. 

In  order  to  represent  the  fact  that  an  action  is  allowed  (or  not),  we  have  created  a 
PermittedAction  class,  which  is  a  subclass  of  Action  which  is  used  by  the  person  and 
document  classes  to  check  if  the  action  is  permitted  according  to  the  group  semantics. 
Here  is  an  example  ofan  Action  class  declaration  in  owl 
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:Action  rdf : typeowl : Class  . 


:Add  rdf : typeowl : Class  ; 
rdf s : subClassOf  : Action  . 

Further  the  ontology  has  object  properties  like  ;hasDocument,  :hasGroup,  :hasPerson 
The  :hasDocument  property  is  defined  in  owl  as  follows 

: hasDocumentrdf : typeowl : InverseFunct ionalProperty 
, owl : Ob jectProperty  ; 

rdfs:domain  : Add, : PermittedAccess  , :Remove  . 
rdfs: range  : Documents  ; 

The  domain  for  :hasDocument  vary  from  Add, Remove  and  PermittedAccess  and  the 
range  is  restricted  to  the  Documents.  This  will  allow  an  individual  instance  of 
Add,Remove  or  Permittedaccess  to  link  to  Document. 

The  :hasGroup  property  is  defined  in  owl  as  follows 

: hasGrouprdf : typeowl : Ob jectProperty  ; 
rdfsrdomain  :Add,  :Join,  :Leave,  :Remove  ; 
rdfs: range  : Group. 

The  :hasPerson  property  is  defined  in  OWL  as  follows 

: hasPersonrdf : typeowl : Ob jectProperty  ; 
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rdfs:domain  :Join  ,  :Leave  , : PermittedAccess  ; 
rdfs:range  :Person  . 

The  ontology  also  has  data  property  named  :hasTimestamp  which  manages  the 
timestamp  for  the  group  operations  like  adding,  removing  documents  and  joining, 
leaving  the  groups  for  members. 

Let  us  walk  through  a  simple  example  demonstrating  the  usage  of  gSIS  ontology 

:SJlrdf:type  :StrictJoin  , 
owl : Namedlndividual  . 

: Amitrdf : type  :Person  , 
owl : Namedlndividual  . 

: Ebiquityrdf : type  : Group  , 
owl : Namedlndividual  . 


:SJ1  :hasPerson  :Amit 
: hasTimestamp  XXXX 
:hasGroup  :Ebiquity 

The  relationship  between  the  classes  and  the  object  properties  is  represented  in  the 
next  graph 
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Figure  4.4:  gSIS  classes  and  object  properties  relations  with  color  codes 


0  has  subclass 


0  —  hasDocument  (Domain>Range 


0  hasGroup  (Domain>Range) 


0  — hasPerson  (Domain>Range) 
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4.5  Decision  Engine 

The  Decision  engine  is  the  central  system  of  the  gSIS  model;  the  rules 
pertaining  to  the  working  of  gSIS  are  encoded  in  this  module. 

gSIS  is  governed  by  a  number  of  parameter’s  which  control  the  access  decision 
between  the  user  and  the  document.  Along  with  the  group  operations  the  timestamp’s 
associated  with  the  Join,  Leave,  Add,  and  Remove  are  critical  in  making  access 
decisions  to  documents  added  to  the  group. 

After  analyzing  the  concepts,  we  have  come  up  with  a  16  combination  of  events  that 
can  occur  in  a  group  centric  information  sharing  environment  and  modeled  our  rules 
to  accommodate  all  possible  interactions 

Before  jumping  into  the  rules,  let  us  briefly  touch  upon  the  basics  axioms  of  gSIS, 

i.  Every  user  and  document  is  associated  with  at  least  one  group. 

ii.  Multiple  groups  may  exist. 

iii.  Groups  may  further  be  hierarchical. 

iv.  A  user  may  join  and  leave  the  group  multiple  number  of  times. 

v.  A  document  may  be  added  and  removed  from  the  group  multiple  number  of 
times. 

vi.  The  access  decision  of  a  user  to  a  document  depends  on  multiple  factors  like 
Join  type,  Add  type  and  the  timestamps  associated. 

Let  us  consider  the  following  scenarios 
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4.5.1  Strict  Join,  Strict  Add,  Strict  Leave,  Strict  Remove 

In  this  scenario  the  user  joins  the  group  through  Strict  Join  and  leaves  the  group 
through  Strict  Leave,  whereas  the  documents  are  added  through  Strict  Add  and 
removed  through  Strict  Remove 
From  the  definition  [1], 

■  Strict  Join:  Only  objects  added  after  join  time  can  be  accessed. 

■  Strict  Add:  Only  users  who  joined  prior  to  add  time  can  access. 

■  Strict  leave:  Lose  access  to  all  objects  on  leave. 

■  Strict  Remove:  All  users  lose  access  on  remove. 

Let  Uj  &  Ul  be  the  User  Join  and  Leave  time  and  Da  &  Dr  be  the  Document  Add  and 
Remove  time 

Then  let  us  plot  a  simple  example  with  these  details  on  the  time  line. 


User  Join 

(ty 


User 


Doc  Add 
(Da) 


Leave 

(W.) 


Access  time 
[Da-  Min  (UL,  D„)] 


Doc 

Remove 

(D«> 


Figure  4.5:  Strict  Join.  Strict  Add,  Strict  Leave,  Strict  Remove  operations 

From  the  timeline  and  the  operations  semantics,  we  find  the  document  can  be 
accessed  by  the  designated  user  from  the  fig  between 
Access  time  =  [DA-  Min  (UL,  DR)] 
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4.5.2  Liberal  Join,  Liberal  Add,  Liberal  Leave,  Liberal  Remove 

From  the  definition  [1], 

■  Liberal  Join:  Can  access  objects  added  before  and  after  join  time. 

■  Liberal  Add:  Users  who  joined  before  and  after  add  time  can  access. 

■  Liberal  leave:  Retain  access  to  objects  authorized  before  leave  time. 

■  Liberal  Remove:  Users  who  had  access  at  remove  time  retain  access. 


Doc  User 


Doc  Add  User  Join 

(Da)  (IV 


Remove  Leave 

(Dr)  (UJ 


Access  time 

[Max(Uj,  DA)  —  Max  (UL,  Dj] 


» 


Figure  4.6  Liberal  Add.  Liberal  Join,  Liberal  Remove,  Liberal  Leave  operations 


From  the  timeline  and  the  operations  semantics,  we  find  the  document  can  be 
accessed  by  the  designated  user  from  the  fig  between 
Access  time  =  [Max  (DA,  Uj)  -  Max  (Ul,  Dr)] 

4.5.2. 1  Strict  Join.  Liberal  Add,  Strict  Lxave,  Liberal  Remove 
Plotting  a  simple  timeline  for  this  scenario,  we  have 
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Figure  4.7  Strict  Join.  Liberal  Add,  Strict  Leave,  Liberal  Remove  operations 

From  the  timeline  and  the  operations  semantics,  we  find  the  document  can  be 
accessed  by  the  designated  user  from  the  fig  between 
Access  time  =  [DA  -  Ul] 


4.5.3  Liberal  Join.  Strict  Add,  Liberal  Leave,  Strict  Remove 

Plotting  a  simple  timeline  for  this  scenario,  we  have 


User  Join 

<Ui> 


Doc  Add 
(Da) 


User 


Leave 

<H> 


Doc 


Remove 

(D*> 


Access  time 

[Da-Dr] 


Figure  4.8:  Liberal  Join.  Strict  Add,  Liberal  Leave,  Strict  Remove 

From  the  timeline  and  the  operations  semantics,  we  find  the  document  can  be 
accessed  by  the  designated  user  from  the  fig  between 

Access  time  =  [DA  -  DR] 
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From  the  above  scenario’s  we  can  understand  that  the  access  decision  is  dependent  on 
multiple  factors  like  operation  type  (Join,  Leave,  Add,  Remove),  operation  time 
(timestamps  associated  with  the  operation)  and  group  membership.  As  representation 
of  all  the  mentioned  parameter’s  and  constructing  the  rule  becomes  overly  tedious 
and  complex  to  handle  in  OWL  [5],  we  propose  an  alternative  approach  for  the 
purpose  of  building  a  working  prototype  of  the  gSIS  framework.  The  prototype 
consists  of  a  decision  engine  developed  using  the  Java  environment  and  an  access 
decision  algorithm  which  takes  into  account  all  the  above  mentioned  parameters  and 
provides  a  fast  and  intuitive  access  decision  system.  The  algorithm  and 
implementation  details  are  covered  in  detail  in  the  next  chapter. 

4.6  Model  Extensions 

Group  management  becomes  a  tedious  task  when  the  number  of  groups  and 
members  increase.  One  way  to  manage  this  process  is  to  automate  group 
membership.  As  we  are  using  OWL  to  represent  our  system,  we  can  use  the 
OWL’s  Necessary  and  sufficient  conditions  to  manage  group  membership 
4.6.1  Automated  Group  Membership 

The  process  of  adding  users  to  the  relevant  group  can  be  a  tedious  process 
especially  when  the  users  belong  to  multiple  overlapping  groups.  This  process 
of  membership  can  be  automated  by  defining  the  necessary  and  sufficient 
(N&S)  conditions  for  each  group  and  modeling  the  same  using  OWL. 

As  an  example,  we  can  consider  the  group  to  be  ‘UMBC  CS  Tenure  group’ 
and  the  membership  requirement  for  this  group  is 
■  She/he  is  a  Full  Professor 
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A  Professor  @  UMBC. 


■  Faculty  in  the  CS  Department. 

These  conditions  can  be  represented  in  OWL  using  the  N&S  conditions 

<owl : Class  rdf : ID="Tenure_Committee_UMBC_CS"> 
<rdf s : subClassOf> 

<owl : Restrict ion> 

<owl : allValuesFrom  rdf : resource="#CS"/> 
<owl : onProperty> 

<owl : Ob jectProperty 
rdf : ID="hasDepartmentName" /> 

</owl : onProperty> 

</owl : Restrict ion> 

</ rdf s : subClassOf > 

<rdf s : subClassOf> 

<owl : Restrict ion> 

<owl : onProperty> 

<owl : Ob jectProperty 
rdf : ID="hasUniversityName"/> 

</ owl : onProperty> 

<owl :  allValuesFrom 
rdf : resource^" #UMBC" / > 

</owl : Restrict ion> 

</rdf s : subClassOf> 

<rdf s : subClassOf> 

<owl : Restrict ion> 

<owl : onProperty> 

<owl : Ob jectProperty  rdf : ID="hasRank" /> 
</ owl : onProperty> 

<owl :  allValuesFrom> 

<owl : Class  rdf : ID="Full. _ Prof essor " /> 

</owl:  allValuesFrom> 

</owl : Restrict ion> 

</ rdf s : subClassOf > 
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e  UMBC  CS 


University 


Rank 


*  *  Full _ Professor 


*  t  CS 


+  *  UMBC 


Figure  4.9  OWL  Model  for  Automated  Group  Membership 

Thus  once  a  member  with  the  above  characteristics  is  added  to  the  system  then  they 
are  automatically  classified  as  the  members  of  the  UMBC  CS  Tenure  group. 

4.6.2  Automated  document  classification 

This  feature  is  especially  useful  for  federal  applications  which  deal  with  classified 
documents.  It  is  crucial  that  only  the  right  set  of  people  get  access  to  the  confidential 
documents. 

Classified  information  is  sensitive  information  to  which  access  is  restricted 
by  law  or  regulation  to  particular  groups  of  persons.  Documents  are  usually 
classified  as  Top  Secret,  Secret,  Confidential,  Restricted  and  Unclassified. 

Groups  can  be  governed  by  policies  on  the  type  of  documents  that  would  be  a  part  of 
the  group.  For  example  the  ‘War  room  group’  should  have  access  to  all  the  Top 
Secret  documents  and  ‘Air  Force  Group’  can  have  access  to  documents  which  belong 
to  the  ‘Air  Force  domain’  and  are  classified  as  ‘Top  Secret’.  These  rules  can  be 
enforced  by  using  OWL’s  Necessary  and  sufficient  conditions  and  the  process  of 
document  classification  can  be  automated. 
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Chapter  5 

SYSTEM  IMPLEMENTATION 


Let  us  look  into  the  flowchart  of  our  access  decision  system 


Figure  5.1  Flowchart  of  the  gSIS  Access  decision  system 
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The  access  decision  algorithm  consists  of  the  following  stages, 


i.  Read  the  file  and  parse  the  Group  Membership  details. 

ii.  Read  the  hierarchy  ontology  file  and  generate  the  additional  tuples  using  a 
reasoner  by  using  the  original  Group  membership  data. 

iii.  'Store  the  original  and  inferred  tuples. 

iv.  Cluster  the  tuples  in  accordance  to  their  group  membership. 

v.  Clustered  tuples  are  read  pair  wise  consisting  of  user  and  document 
membership  details. 

vi.  The  next  stage  is  to  compute  access  interval  between  every  user  and  document 
of  the  group.  The  precomputed  access  intervals  will  greatly  improve  the 
system’s  readiness  to  handle  any  number  of  access  decision  queries. 

a.  The  pair  is  tested  against  the  gSIS  Join  and  Add  semantics,  if  true 

i.  The  access  start  time  is  computed,  [computation  details  are 
explained  in  the  previous  section  and  depend  on  the  type  and 
timestamp  of  the  operation]. 

ii.  The  access  end  time  is  computed  depending  on  the  Leave  and 
Remove  semantics. 

iii.  The  generated  access  interval  tuples  are  stored  in  the  following 
format. 

<userid>,<docid>,<start_time>,<end_time> 

vii.  The  system  can  now  accept  queries  about  access  decision  between  any  user 
and  document  that  is/was  a  part  of  the  group. 
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A  sample  query  would  be  “Does  Amit  has  access  to  ppt  at  time  stamp  X”  and 
the  system  would  look  into  the  Access  KB  and  answer  the  query. 

Whenever  the  group  membership  changes,  the  system  recomputes  the  access 
intervals  to  maintains  the  Access  KB  up  to  date. 
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Chapter  6 
RESULTS 


6.1  Validation 

Let  us  visualize  the  scenario  of  the  Promotion  &  Tenure  (P&T)  committee  use  case  in  our 
prototype. 

The  group  membership  information  is  the  input  to  this  prototype  and  is  the  format 

<user_id>, < join_time>, < join_type>, <leave_time>, <leave_typ 
e>,  <group_name> 

Sample  data: 

finin, 1990, SJ, 2011, SL, tenure_committee 
joshi,  1998, SJ, 2011, SL, tenure_committee 
nicholas, 1995, SJ, 2011, SL, tenure_committee 
yesha, 1993, SJ, 2011, SL, tenure_committee 
de jardens, 2001, SJ, 2011, SL, tenure_committee 
oates, 2003, SJ, 2011, SL, tenure_committee 
Andrew, 2010, SJ, 2011, SL, asso_prof_committee 

Data  represents  the  committee  member  (users)  of  the  group.  For  example  the  first 
tuple  about  Dr  Finin  says  that,  The  user  finin  joined  the  tenure_committee  in  1990 
through  Strict  Join(SJ)  and  is  still  the  part  of  the  committee.  For  the  purpose  of 
programmatic  computation  we  set  the  leave  date  to  current  year. 

Similarly  documents  are  added  to  the  group  in  the  format 
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<doc_id>, <Add_time>, <Add_type>, <Remove_time>, <Remove_type 
>,  <group_name> 

f inindoc, 1990, SA, 2011, SR, tenure_committee 
joshidoc, 1998, SA, 2011, SR, tenure_committee 
nicholasdoc,  1995, SA, 2011, SR, tenure_committee 
yeshadoc, 1993, SA, 2011, SR, tenure_committee 
de jardensdoc, 2001, SA, 2011, SR, tenure_committee 
oatesdoc, 2003, SA, 2011, SR, tenure_committee 
Andrewdoc, 2010, SA, 2011, SR, asso_prof_committee 

Every  tenured  member  of  the  committee  has  a  tenure  document  associated  with  them 
that  is  a  part  of  the  tenure_committee. 

In  this  sample  example,  Andrewdoc  is  the  document  of  Dr  Andrew  who  is  been 
considered  for  tenure  and  this  document  is  a  part  of  Associate  professor  group  named 
asso_prof_committee . 

Let  us  walk  through  the  process,  in  which  the  access  intervals  are  computed, 

1.  Read  the  Group  operations  data  file 

2.  In  the  next  step,  we  read  the  hierarchy  ontology  file  and  generate  the 
additional  tuples  using  a  rdfs  reasoner  and  the  original  Group  membership 
data. 

In  this  case  the  hierarchy  ontology  file  consists  of  two  classes,  the 
tenure_committee’  class  and  the  sub  class  ‘asso_prof_class’,  which  implies  that 
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members  of  tenure_committee  are  also  a  part  of  the  asso_prof_class  and  these 
tuples  are  inferred  and  stored  by  the  reasoner. 

3.  In  the  next  part,  the  tuples  are  read  pair  wise  and  tested  for  correctness  in 
accordance  to  gSIS  properties  and  the  access  start  and  end  time  is  computed. 
This  information  is  stored  in  the  knowledge  base  in  the  format 
<user_id>, <doc_id>, <start_time>, <end_time>, 
<group_name> 

f inin, nicholasdoc, 1995,2011, tenure_committee 
finin, joshidoc, 1998,2011, tenure_committee 
finin, f inindoc, 1990,2011, tenure_committee 
finin, oatesdoc, 2003,2011, tenure_committee 
finin, Andrewdoc, 2010,2011, asso_prof_committee 
finin, de jardensdoc, 2001, 2011, tenure_committee 
finin, yeshadoc, 1993,2011, tenure_committee 
The  sample  output  is  only  for  representation  purpose  and  contains  tuples  only  for  the 
member  ‘Finin’,  However  the  actual  output  access  intervals  are  computed  for  all 
group  members  and  stored  in  the  knowledge  base. 

The  knowledge  base  is  updated  whenever  group  membership  changes  to  maintain 
consistency. 

Once  the  knowledge  base  is  ready  it  can  answer  queries  of  the  format 

■  Query  1:  Does  Dr  Finin  have  access  to  Dr  Joshi’s  Tenure  file  in  2005? 

Access  Granted 
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■  Query  2:  List  all  the  documents  that  Dr  Finin  had  access  to 

k  y'  y'  y’  y'  y'  y‘  y  y  y  y  y  y  y  y  y  &  y'  y  y"  y  y  y  y  y  y  y  y  y  y  yl  y  y  y  y  y  y  y 

Z-TlLT. ,  nr cruDl a s.doc  ,  1935,2  011  ,  t. e n t r e_c ciza.- ties 
finin,  j  c^j'iduc ,,  19  35, 2011,  uer.  q re_c c icm iti-et 
Einin,  f  iiiindcc,  193  0,  2011 ,  terL-jre_ccinr.Lt: tee 
finin,  oatesdoc,  20  35  r  2011  r  t e nr r e_c onomi 1 1  e  e 
E:D:nf  Andre wdoc,  2  010,2011 ,  a. 3 5 o_p r c f  _c create tree 
finin,  de~  arden3dacf  20  01,  2  011  ,  tentre_ccmmttee 
finin,  yeshadcc,  1395, 2  011,  ten-jre_ccmrrttee 

*■  y  y  y  y  y  y  y  y  y  y  y  y  y  y  y  y  y  y  y  y  y  y  y  y  y  y°  y  y  y  y  y  y  y  y  y  y  y 


Figure  6.1  Query  2:  List  all  the  documents  that  Dr  Finin  had  access  to 


■  Query  3:  List  all  the  users  who  have  access  to  ‘Andrewdoc1 
[Andrew  is  an  Assistant  Prof  and  under  consideration  for  tenure] 


loshr,  Andrewdoc,  2  010, 2  011,  a 33G_crof_c oniric r. tee 
f mi n,  Andrewdoc,  2  010, 2  011, 533 o_p r o f _coirirli 1 1 e e 
Gates,  Andrewdoc,  2  0_  3, 2011,  assc  prof  ccirimttee 
deiar dens, Andrewdoc, 2 010 , 2  Oil, asso_prof_conHm±ttee 
ye  si.  a ,  An  dr  ewdo  c,  2010, 2011, ass  c_c  r  c  f  _c  orcimit  tee 
nic  ho  la  3,  Andrewdoc,  2  011  ,2011,  as30  prof  comr.rttee 


Figure  6.2  Query  3:  List  all  the  users  who  have  access  to  ‘Andrewdoc’ 
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Query  4:  List  all  the  documents  that  were  accessible  to  users  in  1994 


“  QQO  20 

^  a  •  •  *  •  •  f  »  •  •  SaA  w  w  f  *  •  «  «  ^  W 

finin, yeshadoc, 2  993, 20 
ye 3 ha,  yesr.adoc,  1993,20 


^  *•  •  •  v  ^  ^  ^7y»ty>  ^  r*  ^  a  p» 

f  w  w  •  •  »  —  w  W  W  w  — 

rpr,'*  vp  i  TT&£+ 

f  V  w  V  VflWr  ^  ¥  ¥h  - 

^  p  r  *  *  vp  ~  ^  eu  a 

/  ^  .  wUiiUi*^  w  w  w  « 


Figure  6.3  Query  4:  List  all  the  documents  that  were  accessible  to  users  in  1994 


■  Query  5:  Did  Dr  Finin  ever  have  access  to  Nicholasdoc? 

t  W  W  'y  W  W  W  >  V  :r  >  »  ■*■  >■  y  y  y  >  y  it  y  »  y  y  y  y  y  y  y  y  y  y  y  y  y  y  y 

1  inir.f  nicholasdoc,  19  95, 2011,  ter^re_ccKir;it.tee 

y.  y  y  y.  y  y.  y  y  y.  yy  y.  yyyy  y.  y  y  y  y  y.  y  y  yy  y.  y  y  y  y  y  yyy.  y  y  y 


Figure  6.4  Query  5:  Did  Dr  Finin  ever  have  access  to  Nicholasdoc 


As  the  access  intervals  are  pre  computed,  the  query  execution  time  is  less  and  thus  it 
increases  the  responsiveness  of  the  system.  Such  a  scheme  is  efficient  when  the  group 
membership  is  comparatively  stable  and  the  number  of  access  queries  to  be  answered 
at  any  point  of  time  is  large  i.e. 

At  time  t,  No  of  group  operations  «  No  of  access  queries. 
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Chapter  7 


CONCLUSION  AND  FUTURE  WORK 

In  today’s  world,  there  is  a  serious  need  for  Information  sharing  model,  On  these  lines 
we  have  made  an  effort  to  demonstrate  the  worthiness  of  gSIS  model  in  handling  real 
world  scenario’s. 

We  have  presented  a  framework  for  gSIS  that  promotes  information  sharing,  our 
focus  also  relied  on  modeling  hierarchical  groups  and  automating  group  membership 
using  semantic  web. 

The  usefulness  of  gSIS  model  has  also  been  demonstrated  in  real  world  applications 
like  Graduate  Student  admissions,  P  &  T  committee  and  Social  Media  applications. 

In  this  thesis,  we  have  focused  on  the  operational  semantics  of  gSIS  model  without 
taking  into  consideration  the  administrative  operation.  We  realize  that  the 
administrative  model  is  indeed  necessary  and  is  required  for  the  gSIS  model  to  grow 
as  a  whole.  Our  next  immediate  task  would  be  to  work  on  this  aspect  of  gSIS. 
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